May 12th 20, 10:12 AM posted to alt.computer.workshop,alt.comp.os.windows-10,uk.comp.sys.mac,comp.sys.mac.system
Diesel
Comparison of Anti-Virus software

Ken Blake
Mon, 11 May 2020 15:53:33 GMT
in alt.computer.workshop, wrote:

On 5/10/2020 2:52 PM, Shadow wrote:
On Sun, 10 May 2020 11:52:11 -0700, Ken Blake
wrote:

On 5/10/2020 10:52 AM, Shadow wrote:

FWIW, I haven't used a resident AV for ages.... and I'm on
XP. Safe hex is the way to go with any OS.



As far as I'm concerned, there are *four* ways to go, and none of
them should be omitted:

Safe Hex
Antivirus program
Antispyware program
Firewall

What you do is of course up to you, not me, but as far as I'm
concerned, relying just on safe hex is foolhardy. There's always
a chance that you will make a mistake some day when you're very
tired, have had too much to drink, having just had a fight with
your spouse, etc.


A firewall is part of safe Hex




To me, it's something very different.


(two here, one in the router).



Same here.


And I scan with USB-booted AVs quite frequently. I said I don't
use a resident AV.



There's a big difference between the two types. Your frequent
scans can detect malware that has already infected you. A resident
AV can often prevent malware installation, and as far as I'm
concerned, that's what makes it much better.


Slight correction: It can prevent known malware from being accidentally
executed by you, yes. Again, I want to stress, KNOWN MALWARE. If it's
not known to your av/am, it's coming in to say hello. And you've
wasted resident resources for no gain. In fact, if it's an executable
infector, it could just wait for your av/am to open files to scan and
infect them when it sees a file handle release API call. Your av/am
will open a lot more files, much more frequently, and the malware
doesn't even have to waste code for search routines, it can let your
trusted security dog do the searching for you.

What I've explained isn't theoretical, or proof of concept with
nothing in the wild having done it. It has been done, it continues to
be done. It's a tried and true trick, in fact. Works as long as your
code doesn't become known to av/am.

You forgot backups.



No, I didn't. To me, it's also something very different.


As long as I can remember, backups are part of the safe hex routine.
It's not something very different. Remember: Jesus saves, but only
Buddha makes incremental backups. If you care about it, back it up. NO
AV/AM or any other kind of safe hex is going to save you from
hardware failure. And even in this day and age, you have a higher
risk of losing data due to user error and/or hardware failure than
you actually do from malware.

Ransomware is a fantastic example of users not following safe hex
practices. If you have to pay a ransom to get your data back, you
have a bad data backup policy. If ransomware was able to gain
read/write access to important data, you have a policy
enforcement/network configuration ****up. IE: user error.


--
If "con" is the opposite of "pro", then what is the opposite of
progress?